Duncan Riley
2025-03-11 09:00:00
siliconangle.com
Code quality testing startup SonarSource SA today announced the upcoming release of SonarQube Advanced Security, a new offering that will extend the company’s analysis capabilities beyond first-party and artificial intelligence-generated code to include third-party open-source code.
The new offering is being pitched as the first fully integrated solution for developers to find and fix code quality and code security issues in the development phase of the software development lifecycle.
Sonar’s new solution delivers enhanced security that gives developers visibility to find and fix security issues as they code. SonarQube Advanced Security features strengthen existing security capabilities, which will remain available in the core SonarQube solution.
Features of SonarQube Advanced Security include software composition analysis for identifying vulnerabilities in third-party dependencies and streamlining the management of known security risks, including common vulnerabilities and exposures. The service also ensures license compliance, allowing organizations to verify that open-source components align with internal policies while providing the ability to generate a software bill of materials for better visibility and tracking.
The solution introduces advanced static application security testing, or SAST, which detects hidden vulnerabilities in code interactions with third-party dependencies that traditional tools may overlook. SonarQube Advanced Security gives developers a more comprehensive toolkit for maintaining high-quality, secure code throughout the development process.
SonarQube’s core security capabilities remain integral to the new offering, including SAST for first-party code, taint analysis to uncover injection vulnerabilities, and secrets detection to prevent hard-coded credential leaks. Additional features include infrastructure-as-code scanning for misconfiguration detection and security reporting to ensure compliance with industry standards such as the Open Web Application Security Project Top 10, Payment Card Industry Data Security Standard and Common Weakness Enumeration Top 25.
The service also supports custom security engine configurations to allow organizations to fine-tune security settings based on specific requirements.
“Our approach to code security is rooted in the same philosophy that allowed us to become the leaders in code quality — we put developers first,” said Sonar Chief Executive Tariq Shaukat. “The release of advanced security features as an extension of our existing SonarQube offering provides an even more comprehensive integrated code quality and code security solution that empowers developers to build better, faster.”
The forthcoming launch of SonarQube Advanced Security integrates technology from Tidelift Inc., which Sonar acquired in December. In particular, the release integrates Tidelift’s proactive approach to improving third-party code quality and code security by working directly with open-source maintainers.